CyanogenMod is working on privacy mode for apps

CyanogenMod founder Steve "Cyanogen" Kondik has taken to Google+ to announce that the developers of the popular open source third-party firmware for Android phones are working to implement a privacy sandbox for applications. The planned feature will be unique to CyanogenMod and will enable users to isolate the private, personal data stored in their Android phone from applications on an app-by-app basis. Kondik has not given a date for when the feature will be included in CyanogenMod, but he is hopeful that it is "coming soon".

This announcement comes after the project came under heavy criticism by its users recently for disabling the ability to opt out of submitting anonymised development information. The project eventually reversed its decision in response to privacy concerns voiced by its users.

The CyanogenMod founder explains that the new privacy mode is implemented by a per-application flag that, when set, causes the operating system to send empty contact list, calendars, browser history and text messages to the application if it requests them, instead of the actual information available on the system. It will also tell the flagged applications that the device's GPS is turned off, regardless of its actual state. Kondik's API also provides a call that application developers can use to make their application aware of being run in privacy mode. Developers can use this to, for example, show a message that explains why their app will not work as intended under these circumstances – a mapping application may not be much use without location information, for instance.

While privacy mode is engaged, a quick panel item is provided by CyanogenMod that allows users to easily turn the feature off. Kondik makes clear that his API does not provide fine-grained control to selectively share data and that it is currently not designed to do so: "It's a single option available under application details." The feature also does not provide IMEI spoofing or ad-blocking as it is, according to Kondik, designed to protect the user's personal data from apps on request and no more.